privacy.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Privacy Policy — Tacit Protocol</title>
<meta name="description" content="Privacy Policy for Tacit Protocol — how we handle your data with cryptographic privacy by design.">
<link rel="icon" type="image/svg+xml" href="/favicon.svg">
<link rel="preconnect" href="https://fonts.googleapis.com">
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
<style>
:root {
--bg: #0a0a0b;
--bg-card: #16161a;
--border: #2a2a2e;
--text: #e4e4e7;
--text-secondary: #a1a1aa;
--accent: #6366f1;
}
* { margin: 0; padding: 0; box-sizing: border-box; }
body { font-family: 'Inter', sans-serif; background: var(--bg); color: var(--text); line-height: 1.7; }
.container { max-width: 760px; margin: 0 auto; padding: 4rem 1.5rem; }
a { color: var(--accent); text-decoration: none; }
a:hover { text-decoration: underline; }
h1 { font-size: 2rem; font-weight: 700; margin-bottom: 0.5rem; }
h2 { font-size: 1.25rem; font-weight: 600; margin-top: 2.5rem; margin-bottom: 0.75rem; }
h3 { font-size: 1rem; font-weight: 600; margin-top: 1.5rem; margin-bottom: 0.5rem; }
p, li { color: var(--text-secondary); margin-bottom: 1rem; }
ul { padding-left: 1.5rem; }
li { margin-bottom: 0.5rem; }
.meta { color: var(--text-secondary); font-size: 0.875rem; margin-bottom: 2rem; }
.back { display: inline-flex; align-items: center; gap: 0.5rem; margin-bottom: 2rem; font-size: 0.875rem; }
.highlight { background: rgba(99, 102, 241, 0.1); border-left: 3px solid var(--accent); padding: 1rem 1.25rem; border-radius: 0 0.5rem 0.5rem 0; margin: 1.5rem 0; }
.highlight p { margin-bottom: 0; }
hr { border: none; border-top: 1px solid var(--border); margin: 3rem 0; }
</style>
</head>
<body>
<div class="container">
<a href="/" class="back">← Back to Tacit Protocol</a>
<h1>Privacy Policy</h1>
<p class="meta">Last updated: March 3, 2026</p>
<div class="highlight">
<p><strong>Our core principle:</strong> Your identity is yours. We designed Tacit Protocol so that private keys never leave your device, agents exchange trust tokens instead of raw data, and every interaction requires your explicit consent.</p>
</div>
<h2>1. What We Collect</h2>
<h3>Information You Provide</h3>
<ul>
<li><strong>Account information:</strong> Email address, display name, bio, and profile details you choose to share</li>
<li><strong>Connected accounts:</strong> OAuth tokens from Google, GitHub, or LinkedIn when you verify your identity (we store the connection, not your password)</li>
<li><strong>Contact form submissions:</strong> Name, email, organization, and message when you reach out to us</li>
</ul>
<h3>Information Generated by the Protocol</h3>
<ul>
<li><strong>Decentralized Identifier (DID):</strong> A cryptographic identifier generated on your device using Ed25519 key pairs</li>
<li><strong>Trust score:</strong> An algorithmically derived score based on account tenure, credential consistency, and network attestations</li>
<li><strong>Engagement data:</strong> Introduction requests, match status, and messaging metadata</li>
</ul>
<h3>Information We Do NOT Collect</h3>
<ul>
<li><strong>Private keys:</strong> Generated and stored locally on your device (IndexedDB). We never have access to them.</li>
<li><strong>Passwords from connected accounts:</strong> OAuth grants access without sharing credentials</li>
<li><strong>Browsing data:</strong> We do not use tracking pixels, third-party analytics, or advertising cookies</li>
</ul>
<h2>2. How We Use Your Data</h2>
<ul>
<li><strong>Identity verification:</strong> To compute trust scores and generate Verifiable Credentials</li>
<li><strong>Matchmaking:</strong> To connect users with compatible intents (seeking/offering alignment)</li>
<li><strong>Messaging:</strong> To facilitate direct communication between matched users</li>
<li><strong>Service improvement:</strong> Aggregate, anonymized usage data to improve the protocol</li>
<li><strong>Communication:</strong> To respond to inquiries and send service-related notifications</li>
</ul>
<h2>3. Cryptographic Privacy</h2>
<p>Tacit Protocol is designed with privacy as architecture, not policy:</p>
<ul>
<li><strong>Key pairs:</strong> Ed25519 keys are generated client-side and stored in your browser's IndexedDB. The server never sees your private key.</li>
<li><strong>Trust tokens:</strong> When agents exchange identity verification, they share cryptographic proofs — not raw personal data.</li>
<li><strong>Double opt-in:</strong> Every introduction, match, and data sharing request requires explicit consent from both parties.</li>
<li><strong>Progressive reveal:</strong> You control what information is shared at each stage of an interaction.</li>
</ul>
<h2>4. Data Storage and Security</h2>
<ul>
<li><strong>Database:</strong> Profile data and messages are stored in Supabase (PostgreSQL) with Row Level Security (RLS) policies ensuring users can only access their own data</li>
<li><strong>Encryption in transit:</strong> All communications use TLS/HTTPS</li>
<li><strong>File storage:</strong> Avatars are stored in Supabase Storage with per-user access controls</li>
<li><strong>Local storage:</strong> Private keys and sensitive data are stored in your browser's IndexedDB, not on our servers</li>
</ul>
<h2>5. Data Sharing</h2>
<p>We do not sell, rent, or trade your personal data. We may share data only in these circumstances:</p>
<ul>
<li><strong>With your consent:</strong> When you explicitly choose to share information with another user through the match/introduction system</li>
<li><strong>Legal obligations:</strong> When required by law, subpoena, or legal process</li>
<li><strong>Safety:</strong> To prevent fraud, abuse, or threats to safety</li>
</ul>
<h2>6. Your Rights</h2>
<p>You have the right to:</p>
<ul>
<li><strong>Access:</strong> View all data we hold about you through your Profile and Settings pages</li>
<li><strong>Correction:</strong> Update your profile information at any time</li>
<li><strong>Deletion:</strong> Delete your account and all associated data through Settings. This removes your profile, messages, credentials, and engagement history from our systems</li>
<li><strong>Portability:</strong> Your DID and cryptographic keys are already under your control and can be used independently of our Services</li>
<li><strong>Objection:</strong> Contact us to object to specific data processing activities</li>
</ul>
<h2>7. GDPR Compliance</h2>
<p>For users in the European Economic Area (EEA), we process data under these legal bases:</p>
<ul>
<li><strong>Consent:</strong> For account creation and identity verification</li>
<li><strong>Legitimate interest:</strong> For service improvement and security</li>
<li><strong>Contract:</strong> For providing the Services you requested</li>
</ul>
<p>You may exercise your GDPR rights by contacting <a href="mailto:tacitprotocol@proton.me">tacitprotocol@proton.me</a>.</p>
<h2>8. Cookies</h2>
<p>We use only essential cookies required for authentication and session management. We do not use:</p>
<ul>
<li>Advertising or tracking cookies</li>
<li>Third-party analytics cookies</li>
<li>Social media tracking pixels</li>
</ul>
<h2>9. Data Retention</h2>
<ul>
<li><strong>Active accounts:</strong> Data is retained as long as your account is active</li>
<li><strong>Deleted accounts:</strong> All data is deleted within 30 days of account deletion</li>
<li><strong>Contact form submissions:</strong> Retained for up to 2 years for business purposes</li>
<li><strong>Cryptographic attestations:</strong> Trust attestations signed by your DID may persist on the network as verifiable records, as they are cryptographically independent of our systems</li>
</ul>
<h2>10. Children's Privacy</h2>
<p>The Services are not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.</p>
<h2>11. Changes to This Policy</h2>
<p>We may update this Privacy Policy from time to time. We will notify users of material changes through the Services or by email. The "Last updated" date at the top indicates when the policy was last revised.</p>
<h2>12. Contact</h2>
<p>For privacy-related questions or to exercise your rights:</p>
<ul>
<li>Email: <a href="mailto:tacitprotocol@proton.me">tacitprotocol@proton.me</a></li>
<li>GitHub: <a href="https://github.com/tacitprotocol/tacit/issues">Open an issue</a></li>
</ul>
<hr>
<p><a href="/">← Back to Tacit Protocol</a> · <a href="/terms.html">Terms of Service</a></p>
</div>
</body>
</html>